Wednesday, February 5, 2014

Installing central syslog using rsyslog and LogAnalyzer on CentOS 6.x


## important installing gd gd-devel php-gd allows you to see nice graphs in loganalyzer
yum install httpd php mysql php-mysql mysql-server wget rsyslog rsyslog-mysql gd gd-devel php-gd -y

add services to start for runlevels 2,3,4,5

for x in httpd mysqld ; do chkconfig $x on; done

## start httpd
service  httpd start

## change mySQL root pass
## first start mySQL service
service mysqld start

/usr/bin/mysqladmin -u root password 'yourpass';

## prepare mySQL db for rsyslog
## you can find out correct location using:
rpm -ql rsyslog-mysql-5.8.10-8.el6.x86_64
/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-mysql-5.8.10
/usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql

therefore in my case:
vi /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
and edit top 2 lines to reflect that you actually using rsyslog ( default is syslog):

CREATE DATABASE rsyslogdb;
USE rsyslogdb;

## create actual DB
mysql -u root -p < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql

## create mySQL db user for specifically for LogAnalyzer and rsyslog.
mysql -u root -p mysql
mysql> GRANT ALL ON rsyslogdb.* TO rsyslog@localhost IDENTIFIED BY 'Password';
mysql> flush privileges;
mysql> exit

## Now we have to edit rsyslog configuration file. I wanted to log all messages to MySQL
## so I would specify *.*. I have instructed rsyslog to log to MySQL running on 127.0.0.1,
## rsyslogdb is the name of the MySQL database, and I have specified MySQL rsyslog username and password.
##Also, I have added AllowedSender directive, this will make sure that rsyslog accepts logs form the clients
## on UDP as well as TCP port 514. Make sure your rsyslog.conf has following lines.

# vi /etc/rsyslog.conf

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

$ModLoad ommysql
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$ModLoad ommail

$ModLoad ommysql
*.* :ommysql:127.0.0.1,rsyslogdb,rsyslog,Password
$AllowedSender UDP, 127.0.0.1, 192.168.1.0/24
$AllowedSender TCP, 127.0.0.1, 192.168.1.0/24
##

### make sure to adjust AllowedSender in /etc/rsyslog.conf to match your network
$AllowedSender UDP, 127.0.0.1, 192.168.3.0/24, xxx.xxx.xxx.0/24
$AllowedSender TCP, 127.0.0.1, 192.168.3.0/24, xxx.xxx.xxx.0/24

## Install LogAnalyzer from http://loganalyzer.adiscon.com/downloads
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz
tar -zxvf loganalyzer-3.6.5.tar.gz
cp -rp loganalyzer-3.6.5/src /var/www/html/loganalyzer
cp -rp loganalyzer-3.6.5/contrib/* /var/www/html/loganalyzer/
cd /var/www/html/loganalyzer

## Move to the loganalyzer directory, modify the file permissions of the following 2 files, and run
## the configure.sh script. This will create a blank config.php file.

cd /var/www/html/loganalyzer
chmod u+x configure.sh secure.sh
./configure.sh
## create database and user for loganalyzer
mysqladmin  create loganalyzerdb -p
GRANT ALL ON loganalyzerdb.* TO loganalyzer@localhost IDENTIFIED BY 'Password';
Query OK, 0 rows affected (0.00 sec)
flush privileges;
Query OK, 0 rows affected (0.00 sec)

## this is create 0 bytes config.php  this is intentional as config will be done via browser
##Open your web browser and point it to http://Ip-Address/loganalyzer

#follow steps as per screen instructions
# I have included 2 main print screens you need pay attention to.







##Open iptable for UDP and TCP port 514. Open the iptables file and add following rules to it.
# vi /etc/sysconfig/iptables and add the following:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
## restart iptables service
service iptables restart


#Configure clients for Remote Logging
## on the client host ( assuming you have rsyslogd installed)
vi /etc/rsyslog.conf
*.* @@192.168.3.4
service rsyslog restart

## Now it's good time to restart rsyslog central server as well
service rsyslog restart




4 comments:

  1. Articles and Blogs are Enhance the people Knowledge form every Updates...Awaiting for the Next Update and Thanks for the Update about Best Tableau Training It's Personally Helpful for me...
    Java training in chennai | Java training in annanagar | Java training in omr | Java training in porur | Java training in tambaram | Java training in velachery

    ReplyDelete
  2. Protect your privacy, data and peace of mind with this guide to beating thieves, whether they're online or on the street. Website

    ReplyDelete
  3. The Best Kon Boot Alternative Free Download – 2019. With all the problems Kon Boot comes with, it is not worth using it to reset your passwords. Kon Boot

    ReplyDelete
  4. Find the most love-filled, romantic, sweet, good morning message for husband here. We assure you after this you will go nowhere. https://wishesquotz.com/good-morning-messages-for-good-husband/

    ReplyDelete